10Fold – Security Never Sleeps – 40

Big items to consider: An EU watchdog said on Wednesday it needed time to study a new EU-U.S. agreement on data transfers to determine whether the United States was committed to limiting intelligence surveillance of Europeans. Charles Harvey Eccleston, a former employee of the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission (NRC), pled guilty Tuesday to charges of attempting to extract sensitive, nuclear weapon-related information by hacking into his former colleagues’ computers. Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. Hacking group AnonSec claims to have breached NASA’s network and to have temporarily gained partial control of a NASA Global Hawk drone.

An EU watchdog said on Wednesday it needed time to study a new EU-U.S. agreement on data transfers to determine whether the United States was committed to limiting intelligence surveillance of Europeans. Negotiators from the European Union and the United States agreed the data pact on Tuesday. It will replace the Safe Harbor framework, which a top EU court ruled illegal last year amid concerns over mass U.S. government snooping. Under the new Privacy Shield, the Commission said U.S. companies would face stronger obligations to protect Europeans’ personal data, including limitations to U.S. surveillance programs. There are concerns on the transfer regarding the scope of surveillance and particularly the remedies. The question is whether the new arrangement answers these concerns or not.

Charles Harvey Eccleston, a former employee of the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission (NRC), pled guilty Tuesday to charges of attempting to extract sensitive, nuclear weapon-related information by hacking into his former colleagues’ computers. The 62-year-old tried to extract information from computers at the Department of Energy through “spear-phishing” emails with the intent of selling this information to an unnamed foreign government. Thanks to the work of the FBI, this former federal employee was arrested before he could do any damage and he now is being held accountable for actions that could have threatened our national security.

Developers of the Socat networking tool have fixed a cryptographic flaw that left communications open to eavesdropping for over a year. The error is so serious that members of the security community believe it could be an intentional backdoor. Socat can create encrypted connections using the Diffie-Hellman (DH) key exchange mechanism, which fundamentally relies on a prime number to derive the shared secrets for key exchanges. It turns out that the 1024-bit DH parameter used by Socat was not actually a prime number. Whether the flaw was intentional or not, its existence does highlight the ease with which cryptographic backdoors can be introduced into projects without maintainers noticing.

Hacking group AnonSec claims to have breached NASA’s network and to have temporarily gained partial control of a NASA Global Hawk drone. To support its claim, AnonSec says it has posted 250GB of data exfiltrated from NASA servers. Allard Beutel, acting director of NASA’s news and multimedia division, in an email denied the group’s assertions about the drone, and said the alleged breach is being investigated. AnonSec acknowledges that at least some of the data posted is public, but the group claims it “wanted access to the raw data, straight from the backend servers, to see if they [NASA] were not publishing some of the data or possibly tampering with the data.” NASA does offer an online directory but only to authorized NASA personnel. While it’s plausible that AnonSec could have scraped websites for email addresses and phone numbers in order to present them as purloined data, a hack seems more likely, particularly in light of other details provided, like the use of weak passwords.
